<?php
session_start();
include '../tools/tools.php';
$username = $_POST['username'];
$password = $_POST['password'];

if ($_POST['logout'] == 'true') {
    session_destroy();
} else {
    $db = local_db();
    $sql = "SELECT * FROM `users` WHERE username='$username' AND password='$password'";
    $result = $db->query($sql);
    if ($result->num_rows > 0) {
        if ($row = $result->fetch_assoc()) {
            $_SESSION['logged_in'] = true;
            $_SESSION['username'] = $username;
        }
    }
}
